Years ago, there was a saying “You can’t be fired for selecting IBM.” In today’s competitive business environment, selecting a cloud provider is a critical strategic decision. This article explores some of the areas to focus on as you embark down the cloud evaluation and selection road.

A CIO colleague of mine once said, “I’m going the safe route and placing all my eggs in the Amazon basket.” It wasn’t until months later he discovered he was paying four times what he should be because he bought the complete five-course dinner versus à la carte services for what he needed. Live and learn. That said, Amazon is the world leader in cloud solutions and provides exceptional services.

Listed below are eight keys areas to consider when selecting a cloud provider.

Have well-defined business objectives

You wouldn’t build a house without a blueprint. Eighty percent of the work in moving to the cloud is defining your objectives and obtaining a consensus from the senior management team you have that sewed up. This is the most important and challenging process. Miss this strategic step and the rest is a recipe for failure. As you discuss these requirements with various providers, ensure they understand what your goals are and can converse at your level in terms of objectives. Remember, you’re selecting a partner. This is particularly true if you are in a vertical market such as finance or health care.

Security certifications

This topic needs no formal introduction. That said, there is a security certification process companies can elect to participate in from the Cloud Security Alliance (CSA) and British Standards Institution (BSI). Similar to a Good Housekeeping Seal of Approval, service providers can opt in to this third-party assessment of their security architecture and receive certification. There are other certification organizations well such as ISO 27001 and the government’s Cyber Essentials Scheme. You can also ask for internal audit reports from your prospective providers and view their track record of incidents and how they were handled.

Data security

You don’t want to be in the headlines as we have seen in recent weeks where third-party cloud services have been accused of mishandling customer’s personal information. When evaluating cloud providers, ask to see their security, privacy, and data-handling policies. Who will have access to your data? What type of protections do they have in place to ensure confidentiality. Also check out their backup and recovery plans to understand where your backup data is being stored, how, and by whom.

Where does the provider host their datacenters?

You might not think about this one, but their answers could surprise you. Providers who use low-cost, foreign sites for some of their datacenters may be placing your information at risk. This is especially true if these datacenters are in countries that may become unstable. Many countries have lax security and compliance regulations. If you are a company that is ITAR-compliant (International Traffic in Arms Regulations) your data must reside on US soil and be staffed by permanent US citizens.

Check references

Do not skip this step, regardless of how well known the provider is. Talk to two or three existing customers and ask lots of questions, in particular how their customer support model works. This can separate the world class providers from the wannabes. When asking for references, request customers that are in the same business and have deployed the same models of services you are considering. This provides an apples-to-apples comparison.

Disaster recovery

If your cloud provider goes down, what happens to your business? How long can you be down before significant losses begin to occur? Commonly overlooked, request copies of their disaster recovery plans. Granted, most companies will not disclose this sensitive document, but you can usually receive an abridged sanitized version to get a sense they have this most critical service covered. As an added security measure, consider purchasing additional risk insurance to cover potential losses.

Exit planning

It’s difficult to discuss divorce when you are getting married. That said, planning your departure from a cloud provider should be negotiated prior to signing on. Consider terms favorable to you relative to exit strategies, minimal penalties, and most important data egress. The ability for you retrieve your data back after the relationship is ended, is a critical element many company fail to realize and negotiate.

Cost

I have placed this section at the end intentionally. If you focus too much on the cost of a cloud service, you may not see the forest through the trees. Yes, do your due diligence and compare costs from several providers. During my 25-plus years as a CIO, I never made a vendor selection based on price. It can be a tie-breaker or eliminate vendors that have pricing strategies significantly astray from the competition. A judgment call is required here.

Summary

Selecting a cloud provider is a critical and strategic process. A significant due diligence process is required to ensure you are obtaining the best service for your business needs. Involve all areas of your business to define requirements, obtain executive involvement and endorsement, and select a provider that will meet or exceed your expectations.

This article is published as part of the IDG Contributor Network. Want to Join?